|
|---|
Category:Meeting Briefing Package/Handouts
MONTHYEARML24016A2372024-01-17017 January 2024
NEI Environmental Reviews Slides Public Meeting 1-17-24
ML24008A0442024-01-0909 January 2024
NEI - Slides for NRC Workshop 1 on Revision to RG 1.183 R1 - Final - ML24008A044
ML23342A0262023-12-14014 December 2023
December 14, 2023, Presentation on NEI 23-01 Operator Cold Licensing Training Plan for Advanced Nuclear Reactors
ML23347A1782023-12-13013 December 2023
12-14 NEI EPRI Presentation NRC Public Meeting 16-03 R1
ML23303A1922023-10-30030 October 2023
NEI Slides for SLR Public Meeting - Oct 31 2023
ML23324A2392023-10-24024 October 2023
S1P6 - Hilary Lane - NRC AMT Workshop - Oct. 2023
ML23258A1992023-09-20020 September 2023
NEI 99-02 Draft Rev. 8 Update for Sept 2023 ROP Public Meeting
ML23242A0782023-08-30030 August 2023
Hbu Workshop IV Industry Presentation: Drive to Deploy ATF with Increased Enrichment and Higher Burnup
ML23230A0142023-08-22022 August 2023
Industry Slide Presentation for 8-22-23 Meeting on ARCAP-TICAP and DG-1404 Guidance Documents
ML23191A0632023-07-0707 July 2023
NEI Cybersecurity Presentation for July 2023 ROP Public Meeting
ML23191A0662023-07-0707 July 2023
NEI 99-02 Draft Rev. 8 Update for July 2023 ROP Public Meeting
ML23160A1512023-06-15015 June 2023
25 - Industry - Industry Perspectives on ASME III and XI Pre-Service Inspection
ML23160A1422023-06-15015 June 2023
20 - Industry - Industry Perspective on Performance Monitoring
ML23116A1892023-05-31031 May 2023
Industry Observations of NRC Licensing Program (NEI Slides May 2023)
ML23136A5912023-05-18018 May 2023
NEI Safety Culture Presentation for May 2023 ROP Public Meeting
ML23125A3192023-05-0909 May 2023
NEI Presentation for May 9, 2023, Public Meeting on NEI 22-05, Revision a
ML23115A0302023-04-27027 April 2023
NEI Perspective on Performance Monitoring in Use of Probabilistic Fracture Mechanics for Optimizing Inspections of Non-RPV Pressure Vessels, April 27, 2023
ML23088A0822023-03-30030 March 2023
NEI Presentation - March 30, 2023 PRA Configuration Control Public Meeting
ML23082A0572023-03-28028 March 2023
Proposal to Establish Alternate Requirements for Components Commensurate with Safety and Risk
ML23079A2642023-03-23023 March 2023
General Visual Examination of Containment Surfaces Covered by Insulation - March 23, 2023 Public Meeting Slides from NEI
ML23210A0042023-03-15015 March 2023
Destination: Termination, NRC Regulatory Information Conference
ML23045A2892023-03-14014 March 2023
RIC 2023 - 03/14/2023 to 03/16/2023 Regulatory Information Conference (Ric).Operational and Safety Benefits of Risk Informed Applications
ML23061A0292023-03-0202 March 2023
NEI Presentation - Advanced Reactor Digital I&C Licensing Workshop 1
ML23013A0782023-01-13013 January 2023
PI&R Inspection Discussion for January 2023 ROP Public Meeting
ML23041A4342022-12-15015 December 2022
NEI Presentation for December 15, 2022 Industry Spent Fuel Activities Prioritization Meeting
ML22291A4442022-10-11011 October 2022
NEI 22-01 License Termination Plan Process Presentation at October 11 2022 Meeting on NUREG-1757 Vol. 2
ML22266A2632022-09-28028 September 2022
Session 2 - Advanced Reactor Developers Perspectives on Codes and Standards
ML22250A7122022-09-21021 September 2022
NEI 22-03 Presentation Slides for NRC Public Meeting (Sept. 21, 2022)
ML22235A7032022-08-24024 August 2022
NEI Presentation for Aug 26, 2022 Public Meeting - Source Terms and Radiological Consequence Analyses
ML22194A0682022-07-18018 July 2022
NEI Presentation for NEI 22-02 Rsi Response
ML22174A2822022-06-22022 June 2022
NEI Presentation for Public Meeting with NMMSS Users Community to Discuss Foreign Obligation Reporting Requirements for Low Enriched Uranium
ML22172A1352022-06-21021 June 2022
NEI Presentation for Public Meeting Industry Perspectives on Rulemaking for Greater than 5 Percent Enrichment
ML22143A8542022-05-20020 May 2022
Nuclear Energy Institue (NEI) Presentation Slides to ACRS Subcommittee on CCF Secy Paper, May 20, 2022
ML22136A1162022-05-11011 May 2022
Presentation 5 - Utilizing the Nuclear Energy Institute (NEI) 07-07 Industry Groundwater Protection Initiative as a Foundation for Addressing Subsurface Site Assessments
ML22088A0342022-03-29029 March 2022
Public Meeting Presentation by NEI Regarding Part 53 Rulemaking: Selected Topics
ML22077A4012022-03-23023 March 2022
NEI INL Presentation March 23, 2022, NRC Workshop Isv Hfe Issue
ML22070B1212022-03-16016 March 2022
Industry Perspective on IEEE Std -1819
ML22140A3612022-03-10010 March 2022
mccullumr- hv-th29
ML22060A0022022-03-0101 March 2022
Dt Public Meeting - NEI Slides
ML22042A0092022-02-11011 February 2022
NEI Presentation Slides for February 15, 2022, Public Meeting on Common-Cause-Failure (CCF) Policy
ML22031A2612022-01-31031 January 2022
NEI Feb 2022 PRA Configuration Control Inspection Workshop
ML22027A3922022-01-27027 January 2022
NEI 50.59 Risk Insights Presentation
ML21350A2122021-12-17017 December 2021
Slide Presentation: ACRS Future Plant Designs Subcommittee Meeting, 10 CFR Part 53, Licensing and Regulation of Advanced Nuclear Reactors - Presentation by Nuclear Energy Institute and Us Nuclear Industry Council
ML21335A2602021-12-0202 December 2021
ROP Public Meeting Gtg PI 12022021
ML21334A3562021-11-29029 November 2021
Fire Protection-ROP Public Meeting-120221
ML21223A1002021-08-11011 August 2021
NEI Slides for Public Meeting on Reg Guide 1.9, Rev.5 - Revised 8-11
ML21221A2962021-08-11011 August 2021
NEI Slide Presentation on Regulatory Guide 1.9, Revision 5 for Public Meeting August 11, 2021
ML21187A0572021-07-0707 July 2021
July 7 Public Mtg Slides for Pre-application of NEI 16-03 & EPRI i-LAMP
ML21173A0562021-06-22022 June 2021
NEI Presentation - Adversary Timeline Methodology (Final- 6.24.21) - Updated
ML21173A2862021-06-21021 June 2021
NEI 20-07 Systematic Approach to CCF NRC
2024-01-09
[Table view]
Category:Slides and Viewgraphs
MONTHYEARML24016A2372024-01-17017 January 2024
NEI Environmental Reviews Slides Public Meeting 1-17-24
ML24010A0202024-01-11011 January 2024
Public Meeting on SLR Efficiencies - NEI Presentation
ML24008A0442024-01-0909 January 2024
NEI - Slides for NRC Workshop 1 on Revision to RG 1.183 R1 - Final - ML24008A044
ML23342A0262023-12-14014 December 2023
December 14, 2023, Presentation on NEI 23-01 Operator Cold Licensing Training Plan for Advanced Nuclear Reactors
ML23347A1782023-12-13013 December 2023
12-14 NEI EPRI Presentation NRC Public Meeting 16-03 R1
ML23303A1922023-10-30030 October 2023
NEI Slides for SLR Public Meeting - Oct 31 2023
ML23324A2392023-10-24024 October 2023
S1P6 - Hilary Lane - NRC AMT Workshop - Oct. 2023
ML23261C3792023-09-27027 September 2023
NEI 22-04 Pre-Submittal Meeting with NRC - September 27, 2023
ML23258A1992023-09-20020 September 2023
NEI 99-02 Draft Rev. 8 Update for Sept 2023 ROP Public Meeting
ML23242A0782023-08-30030 August 2023
Hbu Workshop IV Industry Presentation: Drive to Deploy ATF with Increased Enrichment and Higher Burnup
ML23242A1662023-08-30030 August 2023
the Future of Nuclear Power: 2023 Baseline Survey (Slides)
ML23230A0142023-08-22022 August 2023
Industry Slide Presentation for 8-22-23 Meeting on ARCAP-TICAP and DG-1404 Guidance Documents
ML23228A0042023-08-18018 August 2023
NEI Slides for Public Meeting to Discuss Possible Efficiencies on the Subsequent License Renewal Review - August 18, 2023
ML23191A0162023-07-11011 July 2023
NEI Comments on Risk-Informed Process for Evaluation (RIPE) DORL TSG - 7/11/23 Public Meeting Slides from NEI
ML23191A0632023-07-0707 July 2023
NEI Cybersecurity Presentation for July 2023 ROP Public Meeting
ML23191A0662023-07-0707 July 2023
NEI 99-02 Draft Rev. 8 Update for July 2023 ROP Public Meeting
ML23160A1512023-06-15015 June 2023
25 - Industry - Industry Perspectives on ASME III and XI Pre-Service Inspection
ML23160A1422023-06-15015 June 2023
20 - Industry - Industry Perspective on Performance Monitoring
ML23116A1892023-05-31031 May 2023
Industry Observations of NRC Licensing Program (NEI Slides May 2023)
ML23136A5912023-05-18018 May 2023
NEI Safety Culture Presentation for May 2023 ROP Public Meeting
ML23125A3192023-05-0909 May 2023
NEI Presentation for May 9, 2023, Public Meeting on NEI 22-05, Revision a
ML23117A3712023-05-0202 May 2023
NEI Lessons Learned Meeting Slides, May 2, 2023
ML23115A0302023-04-27027 April 2023
NEI Perspective on Performance Monitoring in Use of Probabilistic Fracture Mechanics for Optimizing Inspections of Non-RPV Pressure Vessels, April 27, 2023
ML23088A0822023-03-30030 March 2023
NEI Presentation - March 30, 2023 PRA Configuration Control Public Meeting
ML23082A0572023-03-28028 March 2023
Proposal to Establish Alternate Requirements for Components Commensurate with Safety and Risk
ML23079A2642023-03-23023 March 2023
General Visual Examination of Containment Surfaces Covered by Insulation - March 23, 2023 Public Meeting Slides from NEI
ML23210A0042023-03-15015 March 2023
Destination: Termination, NRC Regulatory Information Conference
ML23045A2892023-03-14014 March 2023
RIC 2023 - 03/14/2023 to 03/16/2023 Regulatory Information Conference (Ric).Operational and Safety Benefits of Risk Informed Applications
ML23061A0292023-03-0202 March 2023
NEI Presentation - Advanced Reactor Digital I&C Licensing Workshop 1
ML23013A0782023-01-13013 January 2023
PI&R Inspection Discussion for January 2023 ROP Public Meeting
ML23012A1382023-01-12012 January 2023
General Visual Examination of Containment Surfaces Covered by Insulation - 1/19/23 Public Meeting Slides from NEI
ML23041A4342022-12-15015 December 2022
NEI Presentation for December 15, 2022 Industry Spent Fuel Activities Prioritization Meeting
ML22333A7192022-11-29029 November 2022
NEI-Presentation-Seismic Hazards Public Meeting - November 2022 - Final Presentation to NRC
ML22318A3032022-11-16016 November 2022
NEI-22-01 License Termination Process Pre-Submittal Meeting November 16, 2022 (Presentation)
ML22291A4442022-10-11011 October 2022
NEI 22-01 License Termination Plan Process Presentation at October 11 2022 Meeting on NUREG-1757 Vol. 2
ML22250A7122022-09-21021 September 2022
NEI 22-03 Presentation Slides for NRC Public Meeting (Sept. 21, 2022)
ML22235A7032022-08-24024 August 2022
NEI Presentation for Aug 26, 2022 Public Meeting - Source Terms and Radiological Consequence Analyses
ML22216A1152022-08-0404 August 2022
August 4, 2022 Rislr Public Meeting Presentation by Nuclear Energy Institute
ML22194A0682022-07-18018 July 2022
NEI Presentation for NEI 22-02 Rsi Response
ML22174A2822022-06-22022 June 2022
NEI Presentation for Public Meeting with NMMSS Users Community to Discuss Foreign Obligation Reporting Requirements for Low Enriched Uranium
ML22172A1352022-06-21021 June 2022
NEI Presentation for Public Meeting Industry Perspectives on Rulemaking for Greater than 5 Percent Enrichment
ML22152A0942022-06-0202 June 2022
NEI Slides - Risk Insights for Aging Management Presentation June 2, 2022
ML22143A8542022-05-20020 May 2022
Nuclear Energy Institue (NEI) Presentation Slides to ACRS Subcommittee on CCF Secy Paper, May 20, 2022
ML22164A0182022-05-18018 May 2022
Fuel Cycle Industry NRC Fcf Stakeholders Mtg May 2022
ML22124A2072022-05-13013 May 2022
Public Meeting Slides for May 13 2022 CRGR Meeting Regarding RIS on Operating Leakage
ML22136A1162022-05-11011 May 2022
Presentation 5 - Utilizing the Nuclear Energy Institute (NEI) 07-07 Industry Groundwater Protection Initiative as a Foundation for Addressing Subsurface Site Assessments
ML22102A2022022-04-12012 April 2022
NEI Presentation Related to the Development of Adversary Timelines NRC Comment Resolution
ML22053A2802022-03-31031 March 2022
Regulatory Information Conference (RIC) RIC 2022 Technical Session T8 - True D - NEI Presentation RIDM Greater than Sum of Its Parts
ML22088A0342022-03-29029 March 2022
Public Meeting Presentation by NEI Regarding Part 53 Rulemaking: Selected Topics
ML22077A4012022-03-23023 March 2022
NEI INL Presentation March 23, 2022, NRC Workshop Isv Hfe Issue
2024-01-09
[Table view] |
Text
Cyber Security Program Performance Review (CSPPR)
David Neff Principal Licensing Engineer Exelon Generation February 2020
©2020 Nuclear Energy Institute
CSPPR Presentation Overview Initiative objectives Current licensee assessments and NRC baseline inspection Ongoing monitoring and assessment Road to performance based program assessment Performance metrics Maintaining defense-in-depth protective strategies Next steps / implementation
©2020 Nuclear Energy Institute 2
CSPPR Initiative Objectives Continuous Improvement of licensee performance Create performance metrics to identify gaps and drive for program improvement Provide for authentic verification process for Boundary and Detection device capabilities Increase focus on Safety and Security
©2020 Nuclear Energy Institute 3
Current Licensee Assessments and NRC Baseline Inspection Milestone 8 Inspection readiness assessment Review of station Comprehensive Assessment Program (CAP) data Industry inspection lessons learned 24-Month Program Effectiveness Review CSP 4.4.3 Cyber Security Program review - 10CFR73.55(m) and CSP 4.12 NRC Inspection Procedure IP 71130.10P
©2020 Nuclear Energy Institute 4
Ongoing Monitoring and Assessment (OM&A)
OM&A (CSP Section 4.4)
Configuration Management of CDAs (4.4.1)
Cyber Security Impact Analysis (4.4.2)
Ongoing Assessments of Cyber Security Controls (4.4.3)
- Effectiveness Analysis (4.4.3.1)
- Vulnerability Assessments (4.4.3.2 and App E.12)
Verification Rogue Assets Not Connected (App D.1.18)
Cyber Security Program Review (10CFR73.55(m), 4.12)
©2020 Nuclear Energy Institute 5
Ongoing Monitoring and Assessment Cyber Security Controls Effectiveness Analysis (CSP 4.4.3.1)
Configuration Management and Change Control (CSP 4.4.1, E.10)
Impact Analysis of Changes and Environment and Risk/Vulnerability Assessments (CSP 4.4.2, 4.4.3.2, 4.9, E.4, E10.5)
Attack Mitigation / Incident Response (CSP 4.6, CSIRT Event Results)
Contingency Plan Maintenance (CSP 4.7)
Training (CSP 4.8)
Records Retention (CSP 4.13)
System/Services Acquisition and Supply Chain (CSP E.11)
©2020 Nuclear Energy Institute 6
Programmatic Changes /
Event Reporting Changes to CSP, procedures, new or deleted controls (10CFR50.54(p))
Operating experience (CSP 4.3.9)
Problem Identification and Resolution (CSP 4.9.4, CAP)
Cyber Security Program Review (CSP 4.12, 10CFR73.55(m))
©2020 Nuclear Energy Institute 7
Road to Performance Based Program Assessment Building a Program Performance Assessment Process Maintain CSP requirements Utilize existing self assessment program Assure programmatic compliance Create performance metrics to drive results Perform defense-in-depth protective strategies
©2020 Nuclear Energy Institute 8
Road to Performance Based Program Assessment Building a Program Performance Assessment Process Maintain CSP requirements Utilize existing self assessment program Assure programmatic compliance Create performance metrics to drive results Perform defense-in-depth protective strategies
©2020 Nuclear Energy Institute 9
Performance Metrics - The Why Identify weaknesses Determine trends to better utilize security resources Determine the success or failure of implemented security solutions Evaluate compliance with regulations Improve the performance of implemented security controls Answer high-level business questions regarding security
Reference:
CYBER SECURITY METRICS AND MEASURES Paul E. Black, Karen Scarfone and Murugiah Souppaya National Institute of Standards and Technology,
©2020 Nuclear Energy Institute 10
Performance Metrics - The How Objectives / intended results Critical success factors / performance standards Key performance indicators Performance metrics Measures
REFERENCE:
5 Steps to Actionable Key Performance Indicators, Unilytics, Peder Enhorning
©2020 Nuclear Energy Institute 11
Performance Metrics - The Specifics Objective: Maintaining Detection, Response, Elimination and Restoration Capability (CSP 4.6, 2.2.13, 2.2.14)
Performance Standard: Personnel are trained, practiced and available to perform the attack mitigation, incident response and recovery actions Measure: 1. Qualified Cyber Security Incident Response Team (CSIRT) is comprised of sufficient numbers of qualified members including performance in a drill or actual investigation
- 2. Cyber Security Specialists are available, experienced and current with industry issues Metric: 1. Minimum numbers of qualified CSIRT members exist
- 2. Minimum numbers of Specialists that meet the criteria
©2020 Nuclear Energy Institute 12
Performance Metrics - The Specifics Maintaining Detection, Response, Elimination and Restoration Capability GREEN (3) Exceeds the minimum requirements of CSIRT Members Qualified CSIRT Team WHITE (2) Meets the minimum requirements of CSIRT Members NEI 08-09 Appendix One department does not meet the minimum A4.11, E7, E8 YELLOW (1) requirements.
More than one department does not meet the minimum RED (0) requirements.
2 or more people fully qualified with over a year of experience in the program and attend either one industry GREEN (3) meeting (NEI, NITSL, EPRI CTAC), or a non-XXXXX Inspection, a non-XXXXX pre-inspection assessment, or a non-XXXXX benchmarking within the last 2 years.
1 person fully qualified with over a year of experience in Cyber Security the program and attend either one industry meeting (NEI, Specialist Proficiency NITSL, EPRI CTAC), or a non-XXXXX Inspection, a non-NEI 08-09 Appendix A, WHITE (2) XXXXX pre-inspection assessment, or a non-XXXXX Section 4.11 benchmarking within the last 2 years with a backup specialist fully qualified with less than one year of experience.
1 Person fully qualified with less than one year of YELLOW (1) experience, and no backup persons.
RED (0) No one qualified in the Primary or Backup role.
©2020 Nuclear Energy Institute 13
Performance Metrics - The Specifics Objective: Threat and Vulnerability Management Process Effectiveness (CSP 4.4.3.2, 2.2.14, E12)
Performance Standard: Threats and vulnerabilities are evaluated and mitigation actions tracked in CAP and implemented timely Measure: 1. Number of completed, open and overdue remediation actions Metric: 1. Remediation actions completed per the action plan due dates
©2020 Nuclear Energy Institute 14
Performance Metrics - The Specifics Threat and Vulnerability Management Process Effectiveness No open remediation actions OR 1 open remediation action and corrective action plan has been developed GREEN (3) with implementation on schedule and no due date extensions.
Threat & Vulnerability Has > 1 open remediation actions and corrective Management, OE WHITE (2) action plan has been developed with implementation Remediation, NER on schedule and no due date extensions.
NEI 08-09 E.12, A4.9.1 Has > 1 open remediation actions and corrective YELLOW (1) action plan has been developed, but due date has been extended.
Has > 1 open remediation actions and no corrective RED (0) action plan has been developed.
©2020 Nuclear Energy Institute 15
Performance Metrics - Other Areas Cyber security controls are maintained throughout the life cycle of CDAs. (CSP 4.4.1, 4.5, 2.2.1, 2.2.2, 2.2.3, 2.2.6, E10)
Maintaining Defense-In-Depth architecture and preventing potential bypasses. (CSP 4.3, 2.2.7, 2.2.8, E6)
Maintaining Detection, Response, Elimination and Restoration capability (CSP 4.6, 2.2.13, 2.2.14)
PI&R Effectiveness (CSP 2.2.11, 4.9.4)
©2020 Nuclear Energy Institute 16
Performance Metrics - Other Areas Threat and Vulnerability Management Process effectiveness (CSP 4.4.3.2, 2.2.14, E12)
Records of items and activities affecting cyber security are developed, reviewed, approved, issued, used, and revised to reflect completed work. Records are retained and retrievable. (CSP 4.13, D2.6, D2.7, D10.3)
Sustainability of future program improvement (CSP 4.8, 2.2.10, E7.2, E9)
©2020 Nuclear Energy Institute 17
Maintaining Defense-In-Depth Protective Strategies Assurance of defensive model (levels)
Physical/logical isolation of safety and security CDAs Network boundary & monitoring device effectiveness Options for providing assurance of effectiveness
©2020 Nuclear Energy Institute 18
Maintaining Defense-In-Depth Protective Strategies Options for Providing Assurance of Effectiveness
- Portable multi-media device
- Previously conducted (PMMD) Kiosk Health licensee testing
- Vulnerability assessments
- Analysis of monitoring audit and remediations logs
- Configuration setting review devices
- Laboratory testing detection and response capability
- Post-Mod Testing protocols
©2020 Nuclear Energy Institute 19
CSPPR and Performance Metrics Next Steps NEI Cyber Security Task Force Tiger Team initiative developing written guidance for the CSPPR process.
- Objectives, Performance Standards, Measures and Metrics
©2020 Nuclear Energy Institute 20
CSPPR Implementation Industry Guidance Issuance 2Q2020 NRC Informed of Guidance 2Q2020 Industry / NRC Workshops 3Q/4Q2020 Industry Pilots 4Q2020 Licensee implementation TBD
©2020 Nuclear Energy Institute 21
Questions ?
Contact Information David Neff - David.Neff@exeloncorp.com
©2020 Nuclear Energy Institute 22